Jonathan
85455f3271
- Add root .gitignore to prevent btc_wallet.py (with RPC credentials) from being committed - Load JWT SECRET_KEY from environment variable instead of hardcoded value - Restrict CORS to explicit methods/headers instead of wildcards - Add Pydantic Field validation (gt=0) to purchase amounts and user credentials - Add logging to all silent exception handlers in btc.py - Run backend and frontend Docker containers as non-root appuser - Add .dockerignore for both backend and frontend - Pass SECRET_KEY env var through docker-compose; add healthchecks to both services - Update bcrypt from pinned 3.2.2 to >=4.0.0 - Capture error objects in frontend catch blocks; check admin delete response Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
17 lines
350 B
Docker
17 lines
350 B
Docker
FROM python:3.11-slim
|
|
|
|
WORKDIR /app
|
|
|
|
COPY requirements.txt .
|
|
RUN pip install --no-cache-dir -r requirements.txt
|
|
|
|
RUN addgroup --system appgroup && adduser --system --ingroup appgroup appuser
|
|
|
|
COPY . .
|
|
|
|
RUN mkdir -p /app/data && chown -R appuser:appgroup /app/data
|
|
|
|
USER appuser
|
|
|
|
CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]
|